Utah

Utah Amends Data Breach Law, Creates Cyber Center

By Liisa Thomas, Julia Kadish & Kathryn Smith on April 21, 2023

Posted in Data Breach, Data Security, Utah Privacy

Utah’s breach notification requirements will change on May 3, 2023. The recently amended data breach notification law now requires companies to notify the Attorney General for a breach involving 500 or more state residents. If the breach involves 1,000 or more residents, then notification to each consumer reporting agency is also required.Continue Reading Utah Amends Data Breach Law, Creates Cyber Center

Comparing and Contrasting the Opt Out Preference Signal Across States

By Liisa Thomas & Julia Kadish on October 24, 2022

Posted in California, California Privacy, US Privacy

The talk of “opt-out preference signals” or global privacy controls (GPC) has been increasing as companies dig into the forthcoming requirements under US “comprehensive” privacy laws. What is an opt-out preference signal? An “opt-out preference signal” also known colloquially as ”GPC,” is a signal sent by a platform or technology on behalf of a consumer that communicates the consumer’s choice to opt out of sale or sharing. Below, we summarize how each of the states treats this requirement.Continue Reading Comparing and Contrasting the Opt Out Preference Signal Across States

State Comprehensive Privacy Laws: Status of the Regulations

By Liisa Thomas & Julia Kadish on October 20, 2022

Posted in California, California Privacy, US Privacy

With 2023 quickly approaching, many are spending this final quarter preparing for the five US state “comprehensive” privacy laws. Some of these contemplate clarifying regulations with technical and operational requirements. Requirements that will impact preparation activities.Continue Reading State Comprehensive Privacy Laws: Status of the Regulations

Utah Creates Data Breach Safe Harbor

By Julia Kadish & Liisa Thomas on April 12, 2021

Posted in Data Breach, Data Security

Utah recently amended its breach notice law to provide certain defenses to companies who suffer a data breach. It is now the second state, after Ohio, to include such provisions. Specifically, entities that create and reasonably comply with a written cybersecurity program may have an affirmative defense to litigation resulting after a data breach. For the safe harbor to apply, the written cybersecurity program must:
Continue Reading Utah Creates Data Breach Safe Harbor

States Continue to Step in to Safeguard Genetic Information

By Julia Kadish on March 29, 2021

Posted in Digital Health, Healthcare Privacy

Utah’s governor recently signed into law SB 227, creating the Genetic Information Privacy Act (GIPA). The law, which is anticipated to go into effect in May, is aimed at protecting genetic data collected from direct-to-consumer genetic testing companies. Generally, the law creates requirements for (i) notice; (ii) consent for certain data uses; (iii) data security obligations; and (iv) access, deletion, and destruction rights.
Continue Reading States Continue to Step in to Safeguard Genetic Information

Eye On Privacy